[xmlsec] Enveloped Signature transformation

Javier Borrajo JBorrajo at Laudus.cl
Wed Mar 25 03:26:44 PST 2009

Answering my post: I'm sorry, I did not see the options 
--store-signatures in XMLSec.exe

That's all I needed.
Thanks anyway.


I would be very grateful if someone can tell me what is the real 
transformation that xmldsig#enveloped-signature does. In other words:

I have a simple XML document to sign:

<?xml version="1.0" encoding="ISO-8859-1"?>

And I sign it using the template file for XMLSec:

<?xml version="1.0" encoding="ISO-8859-1"?>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <Reference URI="">
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

The value for <DigestValue> is calculated canonicalizating the document, 
and it is easy to obtain. But this <DigestValue> is not what is signed; 
it suffers some transformations, and then it is signed. I would like to 
know what are these transformations, and the final string that really 
gets signed in this example.

Thanks a lot,

Javier Borrajo
/ Laudus SA/
/ Coyancura 2241, Of 83  -  Providencia/
( / 469 2100/
* / JBorrajo at Laudus.cl <mailto:JBorrajo at Laudus.cl>/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20090325/55ac3506/attachment.htm

More information about the xmlsec mailing list